5 Years in Review: 5 Can’t-Miss Posts From Our Archive of 450+

Five years is a blink of the eye in time, but in technology, a lot can happen. This year, we’re celebrating the fifth year of the Threat Stack blog. We’ve been digging around our archives and analyzing the metrics to see what’s changed in the market since our inception, how our own product has evolved, and what topics are still tried and true.

Some things changed, and some stayed the same. Most interesting, we saw five of our personal favorite topics rise to the top in terms of article popularity. Some written several years ago, some written this year, they’re indicative of how the market is shifting and what companies are focused on today.

Without further ado, here are the five most-read articles of all time on our blog, and if you haven’t read them, data says you should.

5 Security Blogs Your CFO Needs to Read

Before I started working at Threat Stack, security was not always at the top of my priority list. Now, as the CFO of a leading cloud security company, I’ve learned to take a more holistic view of security: I still view it as a necessity that ensures the safety of an organization’s data and systems, of course, but I also understand that it can be a powerful business enabler and business driver.

Put another way, I no longer view security as just an expense (a “necessary evil”?), and see it as an investment that adds ongoing value throughout the organization and beyond as it not only provides foundational security, but also bolsters corporate reputation, adds confidence to customer relations, streamlines sales cycles, reassures board members and investors, helps with achieving compliance, and so on.

In spite of the huge value it adds, security can still be something of a hard sell — especially in companies where resources, including budget, are limited. With that in mind, I want to use this post to share some of the things I’ve learned as CFO at Threat Stack.

What is Continuous Cloud Compliance & How Can I Achieve It?

Cloud compliance, like cloud security, is never a one-and-done activity. To be compliant, you need to demonstrate it continuously. Systems must be locked down properly, users must follow specific access policies, alerts must be working properly, and so on. If a server is spun up and unprotected, if a user gets too much privileged access, or if alerts are ignored, you can quickly become noncompliant.

So how do you maintain cloud compliance day-in and day-out amongst all your other priorities? In this post, we’ll outline several ways that you can ensure compliance organization-wide, even after the big audit is complete.

Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance

“We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.”
Raaghav Srinivasan, Security Engineer at HelloSign


HelloSign is powering the future of intelligent business. The company’s software platform — which includes eSignature, digital workflow, and electronic fax solutions — converts process to revenue for over 50,000 companies around the world with HelloSign, HelloWorks, and HelloFax. When HelloSign needed to strengthen its security posture, accelerate security responses, and simplify compliance as it continued to scale, they chose Threat Stack.

9 Common Questions About SOC 2 Compliance

SOC 2 compliance is a crucial framework for technology and cloud computing companies today. As with many other compliance mandates, it is not a simple connect-the-dots proposition, but rather a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. Below, we’ll break down nine of the most common basic questions that we hear about SOC 2. Think of it as a 101 on SOC 2.

How to Generate Compliance Alert Reports Using the Threat Stack API

In previous posts we have described how Threat Stack can help demonstrate compliance, for example with PCI and FFIEC guidance, HIPAA, SOC 2, and other compliance frameworks. (See the Resources section below.) To assist our customers with these initiatives, we have created sample compliance rule sets that can be used to generate alerts that are mapped to specific requirements of these frameworks.

In this post we explain how to leverage the Threat Stack API to create reports of alerts from specific rule sets that can be given to auditors to help demonstrate compliance, used internally, or shared with customers.

3 Key Points on How Vulnerability Management Can Help You Become Compliant

Two interesting observations:

The average number of days that attackers were present on a victim’s network before being discovered is 146 days. (FireEye)

At Threat Stack, we have observed that a majority of the market is moving toward automated security vulnerability and configuration scanning.


You would be hard pressed to come by a compliance framework that did not require you to have a system to detect and manage vulnerabilities. Vulnerabilities are as old as technology itself, so to call yourself compliant, you first need to demonstrate that you have a sound vulnerability management program in place.

Vulnerability management systems identify common vulnerabilities and exposures (also known as CVEs), alerting you when a server or package is at risk so you can patch it immediately.

Simply by having a vulnerability management program in place, you can often satisfy many other major compliance requirements. In this post, we’ll explain how vulnerability management helps you to become compliant.

How to Drive Efficiencies When Meeting Compliance Under a Deadline

Let’s say you just found out that you need to be compliant with HIPAA or PCI DSS in order to win a big piece of new business for your organization.

Whether it’s a potential customer, a partner, a regulatory body or government making the demand, business often can’t move forward without demonstrable compliance with certain frameworks. And these can be thorny, complex, and time-consuming to meet.

You’ve heard the horror stories about becoming compliant — it can take twice as long as expected to get all your requirements up to par; it can cost way more than budgeted; and sometimes organizations don’t pass an audit even after all that hard work. 

So what do you do?

We know meeting compliance isn’t a walk in the park. But if you’re prepared, you can cut to the chase a lot faster, within budget, and with fewer hiccups along the way. In this post, we’ll share a framework you can follow so you can get on the fast track to compliance. While a lot of tasks are involved in meeting compliance, there are ways to gain efficiencies as you work to meet a broad range of requirements. 

Ready to dive in?

Five Questions to Ask When a Customer or Partner Asks You to Become Compliant

If you operate in a regulated industry, or have customers or partners who do, being compliant is non-negotiable. If regulatory requirements mandate compliance, you’ll be required to produce certain evidence in order to be certifiably compliant. And in order for many customers to do business with you, you need to be able to demonstrate how you’re compliant.

But before you jump right in, there are a few questions you should be asking yourself and your customers or partners. These are designed to clarify their expectations and help to scope out their compliance requirements. Becoming compliant is a large undertaking, so knowing where to start is just as important as knowing where to end. That’s why understanding exactly what your customers or partners require of you can help to narrow the scope and keep your team focused on the right compliance initiatives.

Based on conversations we’ve had with customers, here are five clarifying questions to ask yourselves internally when a customer or prospect inquires about compliance.